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Abstract. Julia Robinson has given a first-order definition of the 
rational integers Z in the rational numbers Q by a formula (V3V3) (F = 
0) where the V-quantifiers run over a total of 8 variables, and where F is 
a polynomial. This implies that the Ss-theory of Q is undecidable. We 
prove that a conjecture about elliptic curves provides an interpretation 
of Z in Q with quantifier complexity V3, involving only one universally 
quantified variable. This improves the complexity of defining Z in Q 
in two ways, and implies that the Sa-theory, and even the n2-theory, 
of Q is undecidable (recall that Hilbert's Tenth Problem for Q is the 
question whether the Si-theory of Q is undecidable). 

In short, granting the conjecture, there is a one-parameter family of 
hypersurfaces over Q for which one cannot decide whether or not they 
all have a rational point. 

The conjecture is related to properties of elliptic divisibility sequences 
on an elliptic curve and its image under rational 2-descent, namely 
existence of primitive divisors in suitable residue classes, and we discuss 
how to prove weaker-in-density versions of the conjecture and present 
some heuristics. 



Introduction. 

This paper addresses a mixture of number theory and logic, and we will 
use this introduction to give an informal preview directed at both com- 
munities. The central two questions can be phrased as follows: "What is 
more difficult: to decide of an arbitrary polynomial equation with integer 
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coefficients whether it has an integer solution, or whether it has a rational 
solution?"; and: "What is a hard problem about rational points?" If one 
makes these vague questions mathematically more precise, "decide" should 
mean the existence of an algorithm on a Turing Machine (which in prac- 
tice is equivalent to any notion of "computable" via Church's Thesis). Call 
Hubert's Tenth Problem HTP(i?) for a subring R of the rational number 
Q the question whether one can decide if an arbitrary polynomial equation 
with integer coefficients has a solution in R. The classical result of Davis, 
Matijasevich, Putnam and Robinson (jTHj, [21], |221) shows that HTP(Z), 
for Z the ring of integers, has a negative answer. The answer to HTP(Q), 
however, is not known. But a more general problem has been settled by 
Julia Robinson in 1949 She showed that Z is definable in Q by a 

first-order formula. This implies that the full first order theory of Q is 
undecidable, i.e., that one cannot decide (in the above sense) the truth of 
an arbitrary first-order sentence in Q built from the symbols (0, 1, +, x, =). 
One should think of such a sentence as a "algorithmically hard" number 
theoretical statement 

(vx« . . . x«)(3,« . . . y«) . . . (vxr^ . . . 4:^)(3y!''^ • • • yi^.') ■■ ^(-' y) = 0' 

where -F is a polynomial over Z in multi- variables x = {x^i \ ■ ■ ■ , x^f^^) and 

^VeN^)- Note: any formula over Q can be put into this form, 
which we call positive prenex form (cf. lemma H"^ . Examples of such state- 
ments: if there are only existential quantifiers (A^ = = 0), such a 
formula says that a certain diophantine equation has a solution; a formula 
with = 1 says that a family of diophantine equations has a solution in y 
for all values of the parameters x, etc. 

Related to our first question, Robinson's result expresses in some sense 
that testing the truth of such sentences in Q or in Z is "equally hard". 
HTP(Q) is the particular case where one only wants to decide the truth of 
formute with = 1 and /i = (with ei = m arbitrary): (3yi . . . y^) • 
F{yi, . . . , ym) = 0. We now recast the original question above in the follow- 
ing way: how "complex" does a formula in Q have to be, in order to be 
undecidable? Phrased more dramatically: what is the easiest hard problem 
about rational points? Since we want to indicate how far a formula is from 
being "diophantine" (i.e., in positive prenex form with A'^ = 1), in 11.51 — 
11.81 we look at the following two measures of complexity. First, we define 
the positive arithmetical hierarchy (S"'",!!"'") as follows: we let = 11^ 
denote the set of atomic formute (= "polynomials"). Define a formula ^ 
inductively to be in (resp. 11^) if it is of the form (resp. V$f) with 
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G n^_^ (resp. ^ G The place in the hierarchy of a formula counts 

its number of quantifier changes. Secondly, we introduce the total number 
of universal quantifiers of a formula as above to be /i + • • • + /at. 

An analysis shows that a positive prenex form of Julia Robinson's origi- 
nal formula defining Z in Q is a IlJ-formula fsee ll.lU)) . and we can conclude 
from this that the S^-theory of Q (= theory of all S^-sentences that are 
true in Q) is undecidable. HTP(Q) is the question whether the E^-theory 
is undecidable. Also, that formula, in positive prenex form, has 8 universal 
quantifiers. This should be considered at the verge of human mathematical 
understanding — one is compelled to quote Hartley Rogers, Jr.: "The hu- 
man mind seems limited in its ability to understand and visualize beyond 
four or five alternations of quantifier." ( 26 , p. 322). 

So how can we, in any way, improve upon this complexity? We propose to 
use elliptic curves and give a conjectural improvement. First of all, we recall 
the concept of a model^ of Z in Q (cf. and study how the complexity 

of formula changes under interpretation via certain models (jl.l4WL22|) . We 
then recall (in Section [JJ how elliptic curves over Q provide natural models 
of (Z, -|-) in Q. We follow a suggestion of Pheidas { '.2M) that it is natural to 
use such models to try to define "divisibility" of integers within Q; this is 
very much inspired by the function field case. For this, we have to introduce 
a variant of the old concept of "elliptic divisibility sequence" (apparently 
due to Lucas and studied by M. Ward, cf. 35 ). Assume that E is an 
elliptic curve over Q with (0, 0) as 2-torsion point and Weierstrass equation 
y2 = _j_ _|_ with b squarefree, and that P is a point of infinite order 
of sufficiently large height on E. Then for even n, we can write 



for coprime integers An, Bn, Cn, and {C^:} forms an odd divisibility sequence 
in the sense that C„ divides Ctn precisely for odd t (|2.12() . Our first main 
theorem uses two further notions. Let R denote a set of primes. We agree to 
identify primes p with normalized non-archimedean valuations v = Vp, such 
that v{p) = 1 and v{ab) = v{a) + v{h) (please mind: this is a logarithm of 
what has been called a valuation elsewhere). We say that {C*} is i?-(odd- 
)primitive if any Cn has an (odd order) primitive divisor from i?, i.e., there 
is a valuation v & R such that f (C„) is non-zero (odd) but v{Ci) = for all 

^The words "model" and "interpretation" seem to have acquired a non-standard mean- 
ing in connection with HTP. The precise meaning will be explained in the text. 
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i < n. Secondly, for two rational numbers x and y, we denote by the 
R-divisibility predicate: (Vw G R){v{x) odd =^ v{x) < Theorem 13.51 

then says that if in the above setup, {C=k} is R-odd-primitive, then for any 
integers m, n G Z, 

m\n <^ ^RiVrnVx^, VnV^) V ^RiVrnVx^, Vm+ny/Xm+n) 

This is our attempt at defining integer divisibility in the rational numbers. 

The relevant question becomes: can we find R for which is equivalent 
to a formula in Ti'^ (whence irrelevant from our point of view of complex- 
ity) and for which {C*} is i?-primitive? The elliptic Zsigmondy's theorem, 
transferred to C, says that i?-primitivity holds for R equal to the set of all 
primes, but we don't know whether is SJ*" for that R. On the other 
hand, a theorem of Van Geel and Demeyer (based on previous work of Phei- 
das and Van Geel/Zahidi) states that is diophantine for R = Rr, the set 
of primes inert in one of finitely many quadratic number fields of discrimi- 
nants D = {di, . . . ,dr}, and hence for R of arbitrary high Dirichlet density 
7^ 1, see 13.151 So our natural conjecture 1)3. 16() becomes an inertial eUiptic 
Zsigmondy's theorem: there exists E,P and D as above such that {C*} is 
R D -odd-primitive. 

We can show that multiplication is definable in (Z,-|-, |,0,7^) by a S^- 
formula only involving one universal quantifier 1)4. Ij) . and that our model 
allows us to get rid of "0" and Collecting these facts, we arrive at 

our second main theorem: the conjecture impUes that integer arithmetic 
(Z, -|-, X ) is interpretable by a T,^ -formula in the rationals Q, using only one 
universal quantifier; and that the "E^-theory of Q is undecidable. This (con- 
jecturally) improves the complexity of Robinson's definition in two ways. In 
sectional we adapt the construction to show that the conjecture even implies 
that the II2 -theory (and even the set of formulas with only one universal 
quantifier) is undecidable; but note that this is not proven by constructing a 
model of Z in Q that has complexity 11^. The geometrical meaning of this 
statement is that there is a one-parameter family of hypersurfaces over Q 
for which one cannot decide whether or not they all have a rational point. 

It is difficult to verify the conjecture numerically since it involves hard 
prime factorisations. However, note that the philosophy of encoding the 
integer n by the point nP on an elliptic curve is advantageous from the point 
of view of divisibility for two reasons: the "powerful" part of the coordinates 
of nP is very small (in the sense that the height of the "powerless" part of 
nP is of the same order as the height of nP), and Cn tends to have many 
more prime factors than n. These remarks can be turned into heuristics 
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that support the conjecture (see sectional). The conjecture incorporates 
statements about solutions in coprime integers of such Calabi-Yau surfaces 
as 

[A^ + B^){A'^ + IIB^) = 32 • 5^ • {X^ - 5Y^ f, 

which becomes the "One Equation to Rule Them All" of the n2-theory of Q 
(like Martin Davis's for the Si-theory of Z; but that equation heuristically 
behaved the wrong way, cf. |29j). 

Finally, we use the periodicity of elliptic divisibility sequences to prove in 
Section dthat if {-B*} is the elliptic divisibility sequence associated to (2, —4) 
on y'^ = -\- Ix^ + 2x, then any B^e for s a prime number = ±3 mod 8 has 
a primitive odd order divisor from R^, and for D = {5,13,29,41,53}, the 
set {s prime : Bg has a primitive odd order divisor from Rd} has Dirichlet 
density at least 95.5%. 

Remarks, (i) Beltjukov studied the theory of (Z, +, |) ( 2 ) and Lipshitz 
(jTTj, UHl, jni) has studied divisibility structures of the form (i^, +, |) for 
the ring of integers in a number field K, including (independently) the 
usual integers, and obtained exact results on which of these theories are 
(un)decidable. He showed in particular that multiplication is definable in 
the S^-theory of such a structure and that it contains a diophantine model 
of Z, precisely if has infinitely many units. Thus, if K is not equal to 
Q or an imaginary quadratic number field and A is an abelian variety with 
multiplication by ^, then an imitation of the above theory for A would lead 
to a SJi'^-definition of Z in Q and hence a negative answer to Hilbert's Tenth 
Problem for Q. This can already occur for A the Jacobian of a genus two 
curve with real multiplication: to give an example from jll], the curve 

: y'^ + {x^ + x'^ + x)y = x'^ + + 3x^ - 2x + 1 

(the modular curve Xo(85) modulo an Atkin-Lehner involution) has a Jaco- 
bian of rank two over Q, and real multiplication by Z[\/2] defined over Q. 
The role of the "x-coordinate" on the elliptic curve should be played by the 
associated Kummer surface. There are, however, many obstacles to make 
such a generalisation work, even assuming certain arithmetical conjectures. 

A generalisation of the above to elliptic curves with complex multiplica- 
tion, however, should be unproblematic. 

(ii) In another direction, Poonen ([21!) has shown that there exists a set 
S of primes of Dirichlet density one such that Z is definable by a diophantine 
formula in Z[^]. 
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(iii) This paper supersedes the first author's year 2000 manuscripts jS] 
about the topic. 

(iv) Number theorists can take the fohowing direct path to the relevant 
conjecture: Sections 12.4112.141 (divisibihty sequences), 13.11 13.71 ((weak) R- 
primitivitv). 13.151 fmain conjecture) and Sections IHl and [7| (discussion of the 
conjecture). 

Acknowledgements. It is a pleasure to thank Thanases Pheidas for his 
help. The first author thanks Graham Everest for making him reconsider this 
material during an inspiring visit to UEA in 2004, and for many suggestions. Some 
of the heuristical arguments in section 15.41 were shown to us by Bjorn Poonen 
at Oberwolfach in 2003, and some of the references in that section where kindly 
provided by Pieter Moree. Marco Streng suggested some important improvements 
in section 121 

1. Models and their complexity. 

1.1 Positive prenex-form. Julia Robinson proved in 1949 that the 
set of rational integers Z is definable in the rational numbers Q ([23) by a 
first-order formula. It is still an open problem whether Z can be defined in Q 
by a positive-existential formula (and consequently, the positive-existential 
theory of Q is undecidable). It should therefore be interesting to study 
the question of how complicated the definition of Z is in terms of number of 
universal quantifiers used, or number of quantifier changes. We thus propose 
to study the complexity of defining the integers in the rational numbers. 
To formulate the problem very precisely, we need to make the following 
convention: a formula in the first-order theory of (Z,-|-, x,0, 1,=) or 
(Q, +, X , 0, 1, =) will be written in the following normal form: 

Vx« . . . Vx«3,« . . . 3yW . . . Vx^ . . . ^xfjByf^ . . . 3yi^J : F(x, y) = 0, 

with Ci > for i = 1, . . . , N — 1 and fi > for all i = 2, . . . ,N; where 
F is a polynomial in multi- variables x = {x^i \ ■ ■ ■ , x^^_^ , • • • , x[^\ . . . , x^J^^) 

and y = {y^^ , ■ ■ ■ , yi^i , • ' ' ; Vi^^ ; • • • > Ve^^ ) • We will call such a formula a 
((/i, ei), . . . , (/at, cn)) -formula and call this form the positive prenex form. 
Note that the formula is not only in "prenex" -form (in which the quantifiers 
are followed by a quantifier-free formula that can be any boolean combina- 
tion of atomic formula; see, e.g. [S], p. 157), but that we let the quantifiers 
be followed by a single atomic formula, viz. an equation. That this is pos- 
sible is specific to certain languages. We don't want to allow negations in 
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the quantifier-free part, because we are interested in measuring "closeness" 
to a positive existential (= diophantine) formula. It is indeed possible to 
transform any formula into such positive prenex normal form; this is well 
known but we include a proof for completeness. 

1.2 Lemma, let R C. Q be a ring. Any Erst-order formula in the ring 
language {R, +, x , 0, 1, =) of R can be written in normal form. 

Proof. The following logical connectives can occur: =^,-i,V,A. Here is 
an algorithm that eliminates their occurrences. Replace A ^ B hy -lAV B. 
Pull negations from left to right through a formula (changing quantifiers 
and connectives accordingly). Put all the quantifiers on the left (possibly 
changing names of variables). 

Lagrange's four-squares theorem states that any integer n > is a sum 
of four squares. Therefore, fovxeR we have 

x>0 ^ {3a,b,c,d,eJ,g,h){{e'^+f+g'^ + h'^){x+l)=a^ + b'^+c^+cP). 

Furthermore, ra 7^ <^=^ (n > 0) V (n < 0). Use this to replace, for a 
polynomial P, the formula P 7^ by a formula only involving equality signs. 

For polynomials P and Q, replace (P = 0) V (Q = 0) by PQ = 0, and 
(P = 0) A (Q = 0) by P'^ + Q^ = 0. The final result of all these replacements 
is the above normal form. □ 

1.3 Remark. Depending on R, one can sometimes improve upon the 
number of existential quantifiers used to translate P 7^ 0. For example, if 
P = Q, then P^O ^ (3Q)(PQ = 1). 

1.4 Remark. The polynomial F in the general positive prenex form 
might still depend on unquantificd variables (also called free variables) which 
are omitted in our notation; this will cause no confusion. If no free variables 
occur we call the formula a sentence. A sentence has a precise truth-value, 
whereas this is not the case for a formula with free variables. However if 
wc give these free variables a specific value then we obtain a sentence with 
a specific truth value. The set of all specifications of the free variables for 
which the corresponding sentence is true, is the set defined by the formula. 

1.5 Measures of complexity. As explained in the introduction, we do 
not care too much about the number of existential quantifiers, but want to 

have as few universal quantifiers as possible in OTir formula. A first measure 
of such complexity of a formula is its total number of universal quantifiers 
(t-complexity) 

i(^) := /i + • • • + /iv. 
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A second measure of complexity is the place of the formula in the (positive) 
arithmetical hierarchy, that we will now introduce. 

1.6 The positive arithmetical hierarchy. One usually defines the 
(arithmetical) hierarchy (S, H) of a language as follows (compare 0, p. 117). 
Let Sq = Hq denote the set of quantifier-free formula. Define a formula ^ 
inductively to be in S„ (resp. n„) if it is of the form (resp. V?f) with 

G n„_i (resp. ^ G S„_i). 

In accordance with our use of a normal form which is positive prenex, 
we define the positive arithmetical hierarchy (S"^,n^) as follows: we let 

= denote the set of positive boolean combinations of atomic formulae. 
Define a formula ^ inductively to be in (resp. 11+) if it is of the form 
3^ (resp. V^) with 5^ e n+_^ (resp. ^ E ^n-i)- 

A formula in Si is called existential, in IIi universal, in Ylf positive 
existential or diophantine. 

The number of quantifier changes c (c-complexity) can be defined by 

r 2iV-l iihcN^O, 
c{^):=l 2N-2 if one of /i,e7v = 
( 2iV - 3 if /i = CAT = 0. 

In terms of the hierarchy, this means the following: if ^ G ^^+1 ~ 
^ e ^t+i - then c(^) = n. 

For a ring language as in 11.21 formulae in E^J" are equivalent to atomic 
formulae bv 11.21 Furthermore, as non-equalities are existential, any E2n+i- 
formula is equivalent to a Sg'^.^^-formula and any n2n-formula is equivalent 
to a n^^-formula. 

By abuse of the syntax/semantics difference, we will from now on some- 
times write that ^ G if ^ is equivalent in the theory under consideration 
to a formula in 

1.7 Remark, (i) For (N,+, x,0, 1), a polynomial bijection N 
as in Martin Davis ([IDj. pp. 236-237) can be used to show that any formula 
is equivalent to a formula in positive prenex form with /i = . . . = /tv = 1. 
For (Z, -|-, X , 0, 1), the same conclusion /i = . . . = /at = 1 holds by the 
method of diophantine storing. The analogous statement is not known for 
Q, but would follow from the ABC-hypothesis, see '^l- 

(ii) In the course of the proof of the main theorem, we will also have to 
use other languages than the usual ring language, and the reader should be 
cautioned that the positive and the usual hierarchy can be quite different 
in such a case (up to equivalence of formula in that language) : there might 
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be quantifier-free formute that are not equivalent to an atomic formula. 
Example: (a = 6) A (c = d) in (Z, +, 0, 1, =). 

1.8 Remark. A formula ^ could be equivalent (in a given theory) to 
a formula ^ whose complexity is different. In practice, it is often possible 
to reduce the number of universal quantifiers in a formula by using fewer 
variables, and we will sometimes do so. For example if ^ and ^ are formula 
with disjoint sets of variables, then (VX, A^^(y)) is equivalent to 
(VX)(^(X) A^(X)). 

1.9 Robinson's definition. Julia Robinson's definition of the integers 
is the following: Let (j){A^ B, K) denote the formula (3X, Y, Z){P^ b'k ~ ^) 

with Pabk = 2 + ABK^ + BZ'^ - X'^ - AY'^. Then for iV E Q, we have 
iV G Z ^ M{N) with 

M{N) : 'iA,B{[^{A,B,Q) h {^M){<j){A,B,M) ^ (t){A,B,M + 1))] 
^(t>{A,B,N) } 

We will now analyse the diophantine complexity of this formula: 

1.10 Lemma. The formula ^ is equivalent to a IlJ- ((5, 4), (3, 1))- 
formula with t{^) = 8 and c(^) = 3. 

Proof. We use the algorithm from the proof of Lemma 11.21 Thus, we 
replace the implications to get 

(V^, B){ ^[ <j){A, B, 0) A (VM)(^0(A, B, M)V(p{A, B, M+1)) ] V0(^, B, N) }. 
We pull through the negations 

(V^, B){ [ B, 0) V {3M){(P{A, B, M)A^(P{A, B, M+1)) ] V0(^, B, N) }. 

Now plug in the (0, 3)-formula (f){A, B, *) 

(V^, B, X, Y, Z){3M, X',Y', Z'){yX", Y" , Z"){3X"', Y'" , Z'") 

[ Piio + V {pX^;/ = A PX'dM'+i ^ 0) V PaZn"''"' = ] 

In Q, we can replace an inequality by an equality at the cost of introducing 
one existential quantifier H1.3|) . We can use the same variable for both 
inequalities in the above formula, since it is a disjunction of inequalities. 
We can simplify the arising formula further by using the same name for X' 
and X'", Y' and Y'" and Z' and Z'" . to arrive at a ((5,4), (3, l))-formula. 
□ 
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1.11 (Diophantine) models. Our (conjectural) improvement of this 
formula will not depend on a definition of Z as a subset of Q, but rather on 
the existence of a model of Z over Q. We therefore give a general definition 
first (in a certain model theoretic parlance, this just means an interpretation 
of the first theory in the second model): 

1.12 Definition. Let (M, L, 0) be a triple consisting of a set M and 

a finite collection L = {r-j} of subsets of cartesian powers of M (called 
"relations" or "constants" ) , where (/) is an interpretation of L in M (which 
we will often leave out of the notation). If (N, L' = {sj}, (p') is another such 
triple, M is said to have a model {D, t) in N if there is a bijection l : M ^ D 
between M and a definable subset D of some cartesian power A^*^ of N, such 
that the induced inclusions of z.(rj) in the appropriate cartesian power of 
are definable subsets. We call d the dimension of the model. By slight 
abuse, we will sometimes omit l from notations. 

1.13 Examples. Prom now on, we will write Z and Q for (Z,L) and 
(Q,L) with L = (0,1,+, x,=) the standard language of rings. By further 
abuse of notation, we will often leave out the constants "0" , "1" and equality 
"=" from a language on a ring. A model of Z in Q is a countable definable 
subset of D, such that under a bijection l : Z ^ D, the induced images 
of the graphs of addition and multiplication are definable subsets and 
Dx of Q'^- The result of Julia Robinson shows that one can cake D = Zi 
and L = id, leading to a one-dimensional model. If G is an afiine algebraic 
group over Q, then embedding G in some affine space of dimension d gives 
a d-dimcnsional model of (G(Q),+g) in (Q,+, x). If G(Q) = Z, one thus 
has a model of (Z,+) in Q (but lacking multiplication). 

One can measure the complexity of a model by the complexity of the 
formula that define the embeddings of the relations. Thus, 

1.14 Definition. For S a definable subset of a cartesian power of N, 
write t{S) < n (or c{S) < n) if there exists a formula ^ defining S with 
n = t{^) (or n = c{^)). 

We say that the t-complexity t{D) of a model {D, l) of (M, L) in (N, L') 
satisfies t{D) < n if 

m<XK{t{i{D)),t{i{ri))} < n, 

and similarly for the c-complexity or position in the hierarchy. D is called 
a diophantine model of M in iV if t{D) = 0. 

1.15 Remark. This definition involves only upper bounds for the 
complexity of a definable set, since S could be definable by several equivalent 
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formute having different complexity, cf. 11.81 In general, it seems quite hard 
to prove that a set cannot be defined by a less complex formula. 

1.16 Examples (continued). The complexity of Julia Robinson's 
model is as in Lemma II.IUI The t-complexity of embedding (G(Q),+g') 
in Q (for G an affine algebraic group) is zero, since G(Q) is the solution 
set to the ideal of equations that defines G in affine space, and addition is 
defined by an algebraic formula that involves the coordinates in that affine 
space (note that a different formula might be needed for distinct cases, such 
as doubling of points, but this distinction is made by a formula only involv- 
ing inequalities and case distinctions, that are equivalent to a formula only 
involving existential quantifiers). 

1.17 Remark. If Z admits a diophantine model in Q, then there 
exists a variety V over Q such that the real topological closure of the set 
of rational points V'(Q) in the set of real points 1^(R) has infinitely many 
connected components. This contradicts a conjecture of Mazur, cf. [Hj- 

1.18 Translation of formulae. One can use a model of M in to 
translate formulae in M to formulas in A^, such that true sentences in M are 
precisely translated into true sentences in A^. Given a formula ^ in M, one 
replaces every occurrence of a variable x by the A^-definition of "x G D" , 
and every occurrence of a relation r(x) by the A^-definition of r. One thus 
gets a formula which we denote by 

1.19 Example. Consider the formula ^ : (3xi)(Vx2)(a;fx2 + X2 = 

in Z. Suppose one is given a 2-dimensional model D C of Z in Q. Then 
this formula translates into 

: {3ylyl)iyylyj){3mu2ViV2)[{yl,yf) eDA [{yly^^) G ^ ^ 

[{yi,yi,yi,yi,ui,u2) e l{x) a iyl,yj,ui,u2,vi,v2) e t(x) a 
{ylylvi,v2,L{0)) G 

where one should now further replace membership of D,l{+) and t(x) by 
their first-order definitions. Note the introduction of the "dummy variables" 
Ui,Vi to unravel nested occurrences of addition and multiplication. 

If one applies positive prenex simplification to remove implications and 
negations, one can keep track of the complexity of the translation. One can 
ask how the complexity of a formula changes under translation. We will 
only consider the following case: 

1.20 Proposition. Let (D, l) he a d-dimensional model ofZ in Q and 
assume that membership of D is atomic and of /-(+) is Tjf. In the following 
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table, the second and third column list the positive hierarchical status of 
the formula as a function of the status of l{x) and ^ as it is indicated 
in the first column and top row: 







G n+ ^ E 


n^„ {n > 0) 




y+ 
y+ 
n+ 

^-^2n+s+2 



(note: inclusion of a formula in a class of the hierarchy means that the 
formula is equivalent to a formula in that class). Furthermore, in all cases 
we have 

t{L{^)) < t{L{x)) + dt{^) . 

Proof. The proof is a matter of non-trivial book-keeping. We use the 
following notation: let = U 11^. We need to establish the following 
fact, that will be used implicitly in the sequel: 

11.201 1 Lemma. Let be a Ti^-formula (respectively a H^-formula) 
and suppose that {^2, -^q} is a finite collection of formulae such that each 

is either a y1^-formula (respectively a H^-formula) or a A^-formula, for 
some m < n. Then 

^ = A ... A and ^' = ... V 

are T,^ -formulae (respectively -formulae) . 

Suppose further that is a ((fikii G-iki\ •••) {fill Cii)) -formula', then: 

fci g ki 

t{^) < ^max{/i,,...,^} and t{^') < ti^,) + ... + t(Fq) = ^ ^ /ii • 

j=l i=l j=l 

We prove the result for a 11+ statement - the other cases are similar. 
Without loss of generality, we may assume that each formula is a n+- 
formula (indeed, we can add quantifiers whose variables are those variables 
that do not appear freely in for each new variable x introduced in this 
way add the equation "x = x" ) . For n = the statement is trivial. For n = 1 
the result is also clear, since for any formulae 'if, ^, (Vx)('^(x)) A (Vy)(^(y)) 
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is equivalent to (Vx)('^(x) A So, suppose each of the is a n^+^- 

formula with n > 0, i.e., each is of the form 

(Vxi,...,a;/^J(3yi, ymj(^i(xi, yi, y/)) 

with G n^_i- Let m = mi + ... + nig and / = maxj fn. Since for any 
formute ^, ^, (Vx)('r(x)) A (Vy)(^(y)) is equivalent to (Vx)('r(x) A ^(x)), 
and (3x)('^(x)) A (3y)(^(y)) is equivalent to (3x,y)('^(x) A (^(y)), the 
formula ^ is equivalent to 

(Vxi, ...,Xf){3yi, ...,ym){^i A ... A . 

By induction, the formula ^ = ^\ l\ ... I\ 5fg is n^_i, hence =^ is a H^+i- 
formula. We have = / + and hence by induction = 

maxj /ji + X]j=2 ™a^i /ij) which proves the result (note that the extra quan- 
tifiers which we may have added to make all formulae 11^ do not affect the 
statement). The statement concerning a disjunction of IT^-formute can be 
proven similarly, by noting that for formulae 'if, ^, (Vx)('(f (x)) V (Vy)(^(y)) 
is equivalent to (Vx, y)('^(x) V^(x)), and (3x)('^(x)) V (3y)(^(y)) is equiv- 
alent to (3x)('i^(x) V (^(x)). This proves the lemma. □ 

The proof of I1.2UI is by induction, jumping down by 2 in the hierarchy 
(and thus induction starts at the two lowest levels of the hierarchy): 

(a) Let /-(x) G Suppose first that ^ G S^, i.e., 

^ ■ F(xi,...,x„) = 

for some integral polynomial. Then there exists a set A = {!,...,£}, with 
£ > n, subsets /, J C and natural numbers s,r G A such that the 
translation /-(^) is of the form: 

(xi G -D A ... A x„ G -D) A (3ui, u^) 

(ui = xi A ... Au„ = x„/\(ui^,Ui2,Ui3) G t(+) 

ie/ 

A^"ii'"j2'"i3) e i(x) A (ur,Ur,t(0)) G /-(+)) , 

where i = {ii,i2,h) and j = (ji,j2) ja) are multi-indices and boldface vari- 
ables are variables ranging over Q'^. The conjunction 

/\(ui^,Ui2,Ui3) G /\(uj^,Uj2,Uj3) G i{x) A (ur,Ur,t(0)) G 
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is a conjunction of S]'"-formulae and S+-formulae, and hence is itself a Hf- 
formula. Hence, the formula is a conjunction of a S+-formula and a 

E[J"formula, hence is a E+-formula. Furthermore, = t(i-(x)). 

li^ e S+, thent(=^) G S+. Indeed, write =^ = a;„) 
for some quantifier-free formula ^. The translation is then given by: 

(3xi,...,x„)(xi G D A... Ax„ e L> A t(Sf)(xi,...,x„)), 

and the result is clear since membership of D is atomic. 

We proceed by induction. Suppose that ^ is ^^+1^ there exists a 
^-formula ^ such that 

^ : {3xi,...,xn){yyi,...,ym)i'^{xi,...,xn,yi,...,ym)) ■ 
The translation then becomes: 

(3x1, ...,x„)(Vyi, ...,y^)[(xi e £> A ... A x„ e £>) A 
A((ym eD/\...AymeD)^ t(^)(xi,...,x„,yi,...,y^))] 

which is equivalent to: 

(3xi,...,x„)(Vyi,...,ym)[(xi G D A ... Ax„ G D) A 
A(yi ^ D V ...ym V i(^)(xi, ...,x„,yi, ...,ym))] 

Since subformulae of the form y ^ D are negations of atomic formulae in the 
language of Q, they are equivalent to a formula in T,f and, by induction 
i(^) G ^n-i+s + 1 even) or S^.a+s (n + 1 odd), it follows that the 
subformula 

(xi G D A ... Ax„ G Z?) A (yi ^ V ...y„ V /,(^)(xi, x„, yi, y„)) 

is S^_i_,_g (n + 1 even) or S^+g (n + 1 odd). Hence /.(=^) is S^_,_i_,_s (n + 1 
even) or S^^.^ (n + 1 odd). Furthermore, t{i{-^)) = dm + t(t(5f)), from 
which we find by iteration that t{i{^)) = dt{^) + t(t(x)). 
If ^ is a n^-formula, the result can be proven in a similar way - but one 
has to start the induction at n = 1 and n = 2. 

(b) Assume i(x) G n+. If =^ is a EQ"-formula we get the same translation 
as in (a). The subformula 

/\(Uii,Ui2,Uj3) G t(+) /\(Uji,Uj2,Uj3) G l{x) a {Ur,Ur,L{(})) G i(+)) 

fe-f jeJ 
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is a conjunction of S^^-formulae and n+-formulae, and hence is itself a Hf- 
formula. The translation of is then of the form: 

(3ui,...,uO^ 

where W is 11+, hence t(^) is S+_j_j^. 

If ^ is a S+-formula, then ^ = (Bxi, x„)^^(xi, x„) for some 
quantifier-free formula The translation is then given by: 

(3x1, ...,x„)(xi e D A ... AXn e -DAi.(^)(xi,...,x„)) . 

Since is and membership of D is atomic, the quantifier-free part 

of this formula is S^^. Hence is S^-^. 

We proceed by induction. Let ^ he a S^^^-formula, i.e. 

^ = (3xi,...,Xn)(Vyi, ...,ym){^{xi, ...,x„,yi, ...,ym)) 

for some ^ G ^t.-v "^^^ translation then becomes: 

(3xi,...,x„)(Vyi,...,y„)[(xi G D A ... A x„ G Z?) A 
A((ym e D A ... Ay^e D) ^ )(xi, x„, yi, y^))] 

which is equivalent to: 

(3xi,...,x„)(Vyi,...,ym)[(xi G -D A ... A x„ G D) A 
A(yi ^ i:>V ...y^ Vt(^)(xi,...,x„,yi,...,y^))] . 

By induction i(^) is a S+^^-formula (if n-|- 1 is even) or S+_,_g_]^-formula (if 
n + 1 is odd) , hence 

(xi G L»A... Ax„ G £>) A(yi ^ D V ...y^ V t(^)(xi, x„, yi, y„)) 

is S+_,_j, or i;^_,_^_i. Prom which it easily follows that is (" + 1 

even) or S^_|_g_,_i (n + 1 odd). 

If is a n+-formula, the result can be proved in a similar way (but starting 
the induction at n = 1 and n = 2. □ 

1.21 Remark. If membership of D is positive-existential, then one 
can slightly alter the model {D,i) to another {D',i') in which membership 
of D' is quantifier-free, and hence for this altered model the theorem is true. 

1.22 Corollary. If {D, l) is a model of Z in Q that has D defined by 
an atomic (T,q -) formula, diophantine (S^j and i(i(x)) < 1, then the 
T,'^ -theory of Q is undecidable. 
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Proof. Davis, Matijasevich, Putnam and Robinson (cf. 10 ) have shown 
that the S^-theory of Z is undecidable, but the proposition imphes that any 
S^-sentence is translated into a S^-sentence over Q using t. Indeed, l{x) 
is n^, or Ejj", and in each of these cases, a S]*'-sentence translates to a 
and Sjj'-sentence, respectively. □ 

2. Preliminaries on elliptic divisibility sequences 

2.1 Elliptic curve model of (Z,+). Let E denote an elliptic curve 
of rank one over Q. Thus, as a group, -E(Q) = Z©=;7fora finite group 

of cardinality r. Let P be a point of infinite order on E. Choose a plane 
model /(x, y) = for E. 

2.2 Lemma, (i) In the above coordinates {x,y), for any r, the set 
Ty-T = {rrP) = {nrrP : n G Z} is diophantine over Q. 

(ii) Consider Dr := {{x,y,l) : {x,y) G T^^} U {(0, 1, 0)}. Consider 
:= (0, 1, 0) as a symbol for the neutral element of E. If + denotes the ad- 
dition on E, then {Dr, i) is a three-dimensional diophantine model of (Z, +) 
over Q (where l{0) = and i{n) = {x{nTrP),y{nTrP),l)). Furthermore, 
membership of Dr (%x, y, z) £ Dr") can be expressed by an atomic formula. 

(iii) The relations "0" and "7^" in (Z,+) are diophantine over Q via 

{Dr,i). 

Proof, (i) Let Q be a generator for the free part of E. Then there exists 
an integer such that P = NQ. Then 

Trr = {ReE{Q) : (3S £ E{Q)){R = NrrS)}. 

The statement that "ii G E{Q)" is a quantifier-free formula in Q. The 
statement that R = NrrS (for fixed integers A^, r) is too. Hence is 
diophantine over Q. 

(ii) The map i is a bijection since we have killed the torsion subgroup of 
i?(Q) by multiplying by r. The addition formulae on E can be written down 
in terms of coordinates on the chosen model. They will involve a choice dis- 
tinction (e.g., doubling a point is different from adding two distinct points 
that are not opposite), but these choices are written by a formula involving 
inequalities and connectives, which translates into normal form only involv- 
ing existential quantifiers. Hence addition is given by a diophantine formula. 
The statement about membership is immediate. 

(iii) i(0) = (0, 1, 0) is obviously atomic. Since we are in a group, to define 
"a 7^ b" in a diophantine way, it suffices to define "n 7^ 0" , and this is clearly 
equivalent to i{n) G Trr, which is diophantine. □ 
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2.3 Remark. Note that if E is an elliptic curve of rank one over Q, 
there is an algorithm to compute the torsion subgroup, and if a point P of 
infinite order is known, then one can find N and Q algorithmically by going 
through the (finite) list of points R of height smaller than P and checking 
whether mR = P for the appropriate finite list of integers m. 

2.4 An "odd" divisibility sequence. Let E be an elliptic curve over 
Q of non-zero rank over Q. Let P be a point of infinite order on E. We 
want to study arithmetical properties of the numerator and denominator of 
the coordinates of multiples of P. Choose a plane Weierstrass model for E: 

y"^ = + ax^ + hx + c, 
with a, b, c integers. We can write 

nP=(x„,yJ=(^,-|), 

with a„, Bfi and Cn, Bn pairs of coprime integers (with Bn and c„ defined up 
to sign). 

2.5 Notation. We write (a, h) to denote any greatest common divisor 
of integers a and b (hence this symbol doesn't have a well-defined sign). 

2.6 Lemma, (i) If v is a valuation for which v{Bn) > then for any 
integer t, v{Btn) = v{Bn) + v{t). 

(ii) {Bn} is a divisibihty sequence, i.e., if TTi\fi, then Byfi divides B^. 

(iii) {Bn] is a strong divisibihty sequence, i.e., {Bm^Bn) = B^ni,n)- 

Proof, (i) For v ^ V2, the claim follows from looking at the formal group 
law associated to S(Qp), cf. [1] - but some care should be taken with this 
reference, cf. the remark below. The following considerations hold regardless 
of the fact whether E is in global minimal form or not, as long as the 
coefficients are integral. 

Let V = Vp. Let E denote the formal group of -E. If Ei denotes the 
kernel of reduction modulo p, then Ei E{pZi) : P = (x, y) i— > z{P) := — | 

is an isomorphism such that v{z) = —^v{x). Theorem IV. 6. 4(b) from [SJ 
says that if r > l/(p — 1), then the formal logarithm induces an isomorphism 
E{p''Z) ^ p^'Z. 

Note that for rational primes, l/{p — 1) < 1 unless p = 2. Hence if 
p ^ 2 or v{z{P)) > 1, the isomorphism E(p'''Z) = p^Z holds for r = v{z{P)) 
and since it is true for any larger r, the map preserves valuations. Hence 
v{z{nP)) = v{n) + v{z{P)). This implies the claim since z{nP) = — 
and On and c„ are coprime to Bn- 
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We are only left to consider the case v = V2 and V2{z{P)) = 1. Assume 
V2{x) < 0. The duplication formula gives 

X 1 - 26x-2 - 8cx~3 + (6^ - Aac)x~^ 

X2 — — * 

4 1 + ax^^ + + cx~^ ' 

The second factor in this product has valuation zero, and hence we get 
vix2) = v{x) — 4:, and this implies the result for t = 2. It follows by induction 
for t = 2^ for some i, and then, using the first part of the proof, for general 
t = 2^ -t' with t' odd. 

(ii) follows immediately from (i). 

For (iii), we only need to prove that {Bm, Bn) divides B^ for d = (m, n). 
Choose integers x, y such that xm + yn = d. Then part (i) implies that 
v{B.j:„i) > v{Bm) > v{Bd) and v{Byn) > v{Bn) > v{Bd). Therefore 
dP = xmP+ynP belongs to the group of points P = (x, y) with v{x) < —2r 
(including the zero element of E) — this is a group, since under the iso- 
morphism El 1-^ E{pZi) it corresponds to the subgroup E{p'^Zi). Hence 
v{X(i) > —2r, so v{B(i) < r. □ 

2.7 Remark. As Marco Streng notes, the claim in [3] that v{Btn) = 
v{Bn) + v{t) also holds for the long Weierstrass form and for number fields is 
wrong; a counterexample is given by P = (— 5, |) on y"^ + xy = x^ + x"^ — 2x, 
for which V2{B2) = 3 but V2{Bi) + V2{2) = 2. Over an arbitrary number 
field, it might go wrong for a larger number of (too ramified) valuations. 

In proofs to follow, we will rely on properties of division polynomials 
(j)n,'(pn,^^n (e.g., [HJ III. 3. 7 for standard Weierstrass form and P for the 
general case). The sequence {ipn} has been termed an elliptic divisibility 
sequence by Morgan Ward (|SS|)- This recourse to the literature is strictly 
speaking not necessary in this section (but we will need it in the final part 
of the paper), since all properties can be checked by direct, but sometimes 
tedious, computation using the addition formute on E. Instead, we will use 
the following 

2.8 Substitution principle. Let f € C[xi,yi, zi, . . . ,Xr,yr, Zr] he a 
homogeneous polynomial w.r.t. the weights wt(xj) = 2i'^, wt{yi) = i"^ and 
wt{zi) = 3i^. Suppose f{(j)i,xpi,uJi, . . . , (prjipr^^r) = 0. Then for any point 
P £ -E'(Q) that is non-singular modulo all primes, we have 

f{ai,Bi,Ci, . . . ,ar, Br, Cr) = 0, 

if we choose the signs of ai,Bi, Ci such that they agree with those of the 
classical division polynomials. 
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Proof. The trick is dehomogeneization w.r.t. the denominator of xi. As 
Mohamed Ayad has notes by direct computation in 1 (bottom of page 306), 
for any n we can write 




6?((6f-Vn) 



where numerators and denominators in these fractions are integers; that 
there is no cancellation of factors of 61 in this representation; and that the 
common divisors of (pn and 6" ~^ipn (and bf^ ujn and 6" ""^V^n) are the 
primes p for which P is singular modulo p. Therefore, if P is non-singular 
modulo all primes, we find = bf" (j)n,Bn = 61 ipn and c„ = bf^ uJn, and 
the result follows. □ 
Now let E be an elliptic curve of rank one over E with a rational two- 
torsion point. By translation, we can assume that (0, 0) is a two-torsion 
point on E. Then E has a Weierstrass equation y'^ = + ax'^ + bx. 

2.9 Lemma/Definition. Let E be in Weierstrass form = x'^ + 
ax"^ + hx, having (0, 0) as rational 2-torsion point. Let P he a point of 
infinite order in 2E{Cl) (i.e., divisible by 2 in E{Cl)) that is non-singular 
modulo all primes. Then we can write 



for integers An,Bn and Cn (defined up to sign) with {An,B„) = 1 and 



(i) The greatest common divisor of An and Cn divides the coefRcient b 
of the Weierstrass model, and the order of b at any common divisor of An 
and Cn is at least 2; in particular, if b is squarefree, then {An, Cn) = 1; 

(ii) We have i?2n = "^AnBnCn up to sign; in particular. An divides i?2n- 

Proof. Let P = 2Q with Q e -E'(Q). We have (1)2 = {4>i - 6)^, so applying 
the substitution principle to this equation and the point nQ, we find that 
rational square and hence A„ is well-defined up to sign. Substituting 
the point nP into the equation of gives that c,^ = A^{An + aA^Bn + bBn) , 
so An divides c„ and the definition of C„ makes sense. Then C^ = A^ + 
aAnBn + bBn, and the gcd of Cn and An divides bBn, hence b since i?„ 
and An are coprime; if v{{Cn, An)) > 0, then we see immediately from this 
formula that v{b) > 2. This proves (i). 

(ii) This follows from the substitution principle via the identity of divi- 
sion polynomials ^2 = 2-01 cji applied to nQ. □ 




{Bn,Cn) = 1. Then: 
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2.10 Remark. The numbers An, Bn and Cn (and the symbol ^/x^ 
occasionally to be used) are only defined up to sign, but that sign will play 
no role in the formula under consideration (such as (ii) above), so we will 
not mention this issue anymore, except in the final section of this paper. 

In subsequent considerations, we will also need to study the divisibility 
properties of the sequences {^*} and {G,,}. It turns out that divisibility 
between their m- and n-th term is only assured if n is an odd multiple of m. 

2.11 Definition. We call a sequence of integers {X*} an odd divisibil- 
ity sequence if divides Xnt as soon as t is odd. We call {C^:} as defined 
by the previous lemma the odd divisibility sequence associated to {E,P). 

That the previous definition makes sense is the contents of the following 
lemma: 

2.12 Lemma. Assume {E,P) and {A^:,B^,C^) are as in Lemma IZM 
with b and — 46 squarefree. Then: 

(i) {A^:B^:} is a strong divisibihty sequence. 

(ii) {A^} and {C^} are odd divisibihty sequences. 

(iii) If t is odd and v{An) > 0, then v{Ant) = v{An) + v{t); but if t 
is even, then {An, Ant) = 1 for all n. Identical statements hold with A* 
replaced by C^, . 

Proof. Recall that we have a morphism of 2-descent (cf. |21J, X.4.9) given 
by the rational map: 

6 -.E^E : [X,Y)^[^, ) 



with E' : ip' = - 2ax^ + {a} - 46)x. 

to ' 



i) Suppose Q = nP maps via 6' to Q' . Then x{Q') = (fr^r)^, so 



Vx(Q^ 



BLy BnAr, 



is a coprime representation (since b is squarefree), and we find that {Aj^Bj,} 
is a strong divisibility sequence, as in Lemma 12. 6( (as it is equal to the 
"B"' -sequence {B'J associated to {E',6'{P)). 

(ii) Let us now prove that {A*} is an odd divisibility sequence. Suppose 
v{An) > 0. Then v{Bn) = by coprimeness of the representation. Now 
v{AnBn) > v{An) > 0, and since B'n = 2AnBn, the formal group law on E' 
(|2.6|) implies that v{B[n) = v{B'n) + v{t), so we find 

(123211) v{Atn) + v{Btn)=v{An)+v{t). 
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If v{Btn) = 0, we indeed find that v{Atn) > v{An). If on the other hand, 
v{Btn) = 0, then since Atn and Btn are coprime, we find that v{Atn) = 0, 
and hence v{Btn) = v{An) + v{t). Now An divides i?2n (|2.9I (ii)), so we 
have that {Btn,B2n) = B(in,2n) = ^n{t,2) is divisible by a valuation v which 
doesn't divide B^, hence (t,2) ^ 1 and t is even; which we have excluded. 

That {C*} is an odd divisibility sequence is immediate, since C„ = A'^ 
for the image sequence under 5' (with — 46 squarefree), and we have just 
shown that {^4'^} is an odd divisibility sequence. 

(iii) This is implicit in the proof of (ii), noting again that Af^ and Bfn 
are coprime in 1)2.121 1). □ 

2.13 Remark. Here is a quick proof that {vl*} and {C*} are odd 
divisibility sequences: if an integer d divides An or C„, then nP £ E[2]{Z/d), 
so for odd t, tnP = nP e E[2]{Z/d). 

2.14 Example. The elliptic curve E : = + 12x^ + llx = 
x{x + l)(x + 11) is of rank one over Q, and P = (1/4, 15/8) is of infinite 
order. The torsion subgroup of i?(Q) is Z/2 x Z/2, generated by (—1,0) and 
(0, 0). We computed the prime factorisations of An, Bn and C„ for n < 8: 







1 






5 • 7 


^3 




19 • 269 


Ai 




659 • 1931 


As 




23042506969 


^6 




5_7 • 89 • 4639 • 4575913 


Ar 




647873811 • 19522768049 


As 




1321 • 6637 • 1356037 • 6591431535431 


Bi 




2 






2!.3 


B3 




2 -29 -41 


Bi 




2^ • 3 • 5 • 7 • 37 • 53 


B5 




2 • 11 • 6571 • 10949 


Be 




22. 32 -19 -29 -41 -269 -467 -2521 


B7 




2 • 31 • 211 • 1481 • 8629 • 184598671 


Bs 




2^ • 31 • 5 • 7 • 13 • 37 • 53 • 659 • 1931 • 160117 • 5609521 


Ci 




3 • 5 


C2 




-37-53 


C3 




32 • 5 • 467 • 2521 


C4 




-13- 160117-5609521 


C5 




3 ■ 5 • 17 • 67 • 1601 • 3019 • 17417 • 379513 


Ce 




23 • 37 • 53 • 59 • 10531 • 1131223 • 7186853449441 


C7 




-3-5 • 353 • 1483 • 17609 • 11748809 • 281433601 • 46333351129459 


Cs 




5303 • 108739 • 1830931 • 170749043903 • 92397921271034416798380481 



21 



Note that although 6 = 11 is squarefree in the example, — 45 = 100 is 
not. This means something might go wrong with the valuation formula for 
C=K upon multiplication by 2 or 5, and indeed, v^i^C^) ^ ^5(6*1) + ^^5(5). 

The examples illustrate all the (non-)divisibility-properties mentioned 
before, but also some other apparent features that will be discussed later 
on: whereas the indices have one prime factor on average, the numbers 
themselves have three primitive factors on average. It is expected that for 
any given A: > 0, all terms in the sequence from a certain moment on will 
have at least k primitive factors. In the above tables, we have underlined 
the "non-primitive" part, i.e., the prime factors that occur earlier on the 
list. 

Observation. All divisors of An and Bn for odd n are = ±1 mod 5. 

Proof (for B^, as shown to us by Karl Rubin). Suppose I is a prime with 
l\Bn, i.e., nP = mod /. Since n is odd, P = 2Q mod / for Q = (n + l)/2-P. 
Then x = x{Q) satisfies the equation {x^ — 8x + ll)(x^ + 7x + 11) = mod 
Since both factors of this equation have discriminant 5 up to squares, there 
is a solution mod / precisely if 5 is a square modulo I. □ 

On the other hand, all C„ seem to have primitive prime divisors of odd 
order = ±2 mod 5, i.e., inert in Q(^/5), but we have no general proof of 
that. 

3. Elliptic divisibility sequences and models of (Z,+,|) 

3.1 Primitivity condition. Let {X^} be an (odd) divisibility se- 
quence. Let R denote a set of valuations. We say {X^,} is R-primitive if 
every term Xn has a primitive divisor from R, that is: 

(Vn)(3i; G R)[v{Xn) > and (Vi < n){v{Xi) = 0)]. 

We say {X^:} is R-odd-primitive if every term Xn has a primitive odd order 
divisor from R, that is: 

{yn){3v G R)[v{Xn) is odd and (Vi < n){viXi) = 0)]. 

We sometimes say v is ii-(odd-)primitive for Xn if these formula holds for 
V and Xn- 

3.2 Lemma. Suppose that E and P are as in lemma FOI Assume 
that {C*} is R- (odd-) primitive for some R. If v & R is (odd-)primitive for 
Cm and v{Cn) > for some n, then m\n and n/m is odd. 
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Proof. It suffices to prove this for the ^-sequence, since the descent 
morphism 6' transfers {C*} into {A*} (proof of Lemma |2.12|) . Now since 
{A^B^} is a strong divisibihty sequence (|2.12|) . we have 

Since we assume ^(^4^) > and v{An) > 0, we have v{Bm) = v{Bn) = by 
coprimeness assumptions; and v((^(m.n)-S(m,n))) > by the above formula. 
Suppose first that > 0. Since {m,n) < m, the i?-primitivity of v 

for Afn imphes that (m,n) = m. This means that m\n. Bv 12.121 (iii). we 
find that n/m is odd. 

On the other hand, if v{B(^jn.n)) > Oi since {B^} is a divisibihty sequence 
and {m,n)\m, we have v{Bm) > 0, contrary to the assumption. □ 

3.3 Divisibility predicate. Let R denote a set of valuations. Denote 
by Sipiix^y) the property 

^R{x,y) '■ Vf G : odd =^ v{x) < v{y'^). 

3.4 Remark. This predicate says that odd order "zeros" of x are zeros 
of at least half that order of y, and that odd order "poles" of x are at most 
poles of y of half that order. Note that it seems at this point maybe more 
natural to have a definition in which the condition v{x) < v{y'^) is replaced 
by v{x) < v{y), but for future applications, we will need it as it stands. 

3.5 Theorem. Let E he an elliptic curve over Q and P a point of infi- 
nite order on 2E{Q,) of sufficiently large height. Assume E has Weierstrass 
form y"^ = + ax"^ + bx (in particular, a rational 2-torsion point ) with b and 

— 46 squarefree. Assume the odd divisibility sequence {C=k} associated to 
P on E is R-odd-primitive. Then for any integers m,n £ Z, 

m\n ^R{ym\/X^, ynVx^) V ^RiymVx^, ym+n\JXm+n) 

Proof. Replacing P by a suitable multiple, we can assume P is non- 
singular modulo all primes. Indeed, for any prime p, consider the group 
i?(Qp) and the subgroup So(Qp) of points that reduce to non-singular points 
modulo p. Then S(Qp)/ii^o(Qp) is finite and non-zero for only finitely many 
p (actually, by a theorem of Kodaira and Neron, of order bounded uniformly 
in p by 4 times the least common multiple of the exponents in the minimal 
discriminant of E, cf. [H^ VII. 6.1). Note that the i?-odd-primitivity condi- 
tion is unaffected by this replacement of P by a multiple. Bv l2.121 {C=k} is 
an odd divisibility sequence. 
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It follows from the definition of Cn that 



2 \ 2 

N 



(ESIl) Cn = ±yNV^ 

We claim that our assumption that b is squarefree implies the following: 

Claim. If ^(Ctv) / 0, then v{Cn) = v{yN^/xJ^)- 

Proof of the claim. By the above formula we should prove v{B'j^ /^n) = 0. 
Now Bn and are coprime by definition, and bv 12.91 (i) and since h is 
squarefree, we find that and Cm are also coprime. 

Proof of Assume m\n. Then either n/m or {n + m)/m is odd. Then 
lemma l2. 121 implies that Cm\Cn or Cm\Cm+n- We will agree from now on to 
write n but mean either n or m + n, and assume that n/m is odd. 

Pick a valuation v in R and suppose that v{ym\/Xm) is odd. From 
formula (|3.5I 1). we see that v{Cm) has to be odd. Since n/m is odd, lemma 
Eini implies that v{Cn) > v(Cm) > 0. By (|HISl2), we find v{yny/x^) > 
v{yniy/x^) > and this implies ^R{ym^/x^,yn^/x^)■ 

Proof of 'i=. Choose a valuation v that belongs to an odd order primitive 
divisor of Cm from R. Then claim 1)3.51 2') implies that v{ym^/Xm) is positive 
and odd. The assumption means that 2v{yn^/ahi) > v{ymy/Xm) > (or 
similarly with n replaced by m + n). Formula ()3.5I 1) implies that one of 
the following two cases has to occur: v{Cn) > or v{An) > 0. In the first 
case, since v is primitive for Cm, we find that m\n from Lemma 13.21 In 
the second case, note that An divides (|2.9r ii)). so i?2n and Cm have a 
common divisor v. We will prove that w is a primitive divisor of B2m- Since 
v{B2n) > 0, we will find from this that m\n. 

By 12.91 (ii) , we have an identity 
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Should v(Bm) > 0, then v{B2m) = v{Bm) + ?^(2), and hence (as Am and Bm 
are coprime) v{Cm) = 0, a contradiction. Hence 

(IS314) v{Bm) = and v{B2m) > v{2Am). 

Since v is primitive for Cm, we have v{Ci) = if i\m, i < m. Recall 
v{Bm) = 0, and since {.B*} is a divisibility sequence, v{Bi) = for all i as 
before. Hence for such i, we find from (|3.5I 3): 

(|H3l5) i\m, i <m=> v{B2i) = ^(2^^). 
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Suppose that m/i is odd. Since {^*} forms an odd divisibility sequence 
(by I2.12() . should v{A.i) > 0, then v{Am) > 0. But since we assume b 
squarefree, Am and Cm are coprime, so we cannot have v{Am) > and 
v{Cm) > 0. Hence v{Ai) = for all v and so by p.SI S). v{B2i) = for all 
i\m, unless v = V2- For v = V2, we find instead that v{B2i) = v{2Ai) = 1, 
and hence u(i?2m) = v{BmL.2i) = v{B2i) = 1 by the formal group law, since 
m/i is odd. But since v{Cm) > 0, we have v{B2m) > 1 from ((2313). This is 
a contradiction. 

For the general case (m/i not odd), write m/i = 2^ ■ k with k odd. We 
conclude from the previous reasoning that v{B2i+ii) = 0, but since {i?*} 
forms a divisibility sequence, we find from this that also v{B2i) = 0. 

Recall that v{Bm) = and hence v{Bi) = for all i\m. We conclude 
from this and v{B2i) = that v is also primitive for i?2m- But remember 
we had v{B2n) > 0. Hence 2m|2n. □ 

3.6 Remarks, (i) It might be possible to remove the assumption that 
6 or — 46 be squarefree, but then ()3.5I 2) changes. 

(ii) We work with {C*} because C„ is an algebraic function of the co- 
ordinates of nP "up to squares" (|3.5I 1). It has been suggested in the past 
that m\n is equivalent to S>R{y/Xmi \/x^), but this is wrong in two ways: if 
n/m is even, then "zeros" of Xm are not zeros of x„; and in general, "poles" 
of "poles" of Xn of larger order (in particular, if n/m is divisible 

by that pole). In case of an isotrivial elliptic curve over a rational function 
field, this problem doesn't occur ([2S1, esp. 2.2), since the order stays equal. 

Not to obscure the proof too much, we have not included the following 
stronger statement in the original statement of the theorem: 

3.7 Proposition/Definition. The conclusion of the above theorem 
\3.5\ still holds if one replaces the R-odd-primitivity condition of {C*} hy the 
following weaker condition: 

("weak i?-odd-primitivity condition") All terms C2apb for a,b 
positive integers and p any odd prime have a primitive odd order 
divisor from R. 

Proof. The only part of the proof that changes is the proof of <^. Set 
a = V2{m). If p is an odd prime such that Vp{m) = 6 > 0, choose a primitive 
odd divisor v for C2apb from R based on the assumption. Since m/2°'p^ 
is odd, lemma 12.121 implies that v{Cm) is odd, so the assumption of the 
theorem assures us that v{Cn) > 0. We can then proceed as before with m 



25 



replaced by 2"p^ to conclude 2°'p^\n. Since this holds for any odd p, we find 
m\n. □ 

We now suggest the following conjecture about the sequences {C=k}: 

3.8 Conjecture. The following exist: 

(a) an elliptic curve over Q, such that E has Weierstrass form = 
+ ax^ + hx (in particular, a rational 2-torsion point) with b and — 46 

squarefree; 

(b) a point P of infinite order on E with associated odd divisibility 
sequence {C=k},- 

(c) a set R of prime numbers such that SIr is diophantine over Q; and 
such that {C*} is (weakly) R-odd-primitive. 

3.9 Theorem. Assume Conjecture Then (Z,+,|) has a three- 
dimensional diophantine model in Q. 

Proof. Immediate from l2.2l 13.51 and l3.71 observing that a = ^yn^/x^ for 
{xn,yn) £ Tr is diophantine over Q. □ 

3.10 Proposition ((C)-elliptic Zsigmondy's theorem). Let E be 

an elliptic curve over Q and P a point of infinite order in -E'(Q) of sufRciently 
large height. Let R denote the set of all finite valuations of Q. Tiien 

(i) {-B*} is R-primitive. 

(ii) If (0,0) e E[2], then {C^} is R-primitive. 

(iii) If E has j-invariant j = or j = 1728, then the ABC -conjecture 
implies that {i?*} and {C=k} (for (0,0) G E[2]) are R-odd-primitive. 

Proof. The crucial statement is Siegel's theorem on integral points on an 
elliptic curve (cf. IX 3.3), which implies that An and i?„ are both of 
order of magnitude the height of nP. 

For B^:, (i) is the usual elliptic Zsigmondy's theorem, first proven by 
Silverman in [32, Lemma 9. The same proof works for the sequence {^*}; 
we include a variation of the proof for completeness. 

Suppose that An doesn't have a primitive divisor. We will show that n 
is absolutely bounded, so changing P to some multiple, we get the result. 
We claim that there exists a set W of distinct divisors d of n with all d > 1 
such that 

An I n An. 

We can then finish the proof as follows: We get 

log \An\ < logn + ^ log \A«\. 

dew 
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Let m denote the canonical height of P. Classical height estimates give 
log|An| < m + 0(1). They combine with Siegel's theorem ("|j4„| and 
\Bn\ are of the same size") to give for any e > 0, (1 — e)ii?m < log|^n|- 
Since 

2Z ^2 < ^(2) - 1 {recall: d > 1 for d G W), 

dew 

we find after insertion of these estimates into the above formula: 
(2 - e - C(2))mn^ < log(n) + 0(1), 

and this bounds n absolutely. 

For the proof of the claim: by assumption, any prime p dividing An 
divides Am for some m < n. Then also p|^(m,n) (as in the proof of 13. 2() . 
so we can assume m\n and n/m odd. Hence Vp{An) = Vp{Am) + Vp{n/m) 
(|2.12l (iii)). Run through all p in this way, and pick such an m for each p. If 
Vp{An) = Vp{Am), then let d := n/m £ W. Then Vp{An) = Vp{An). If, on 
the other hand, Vp{An) > Vp{Ara), then we must have p\^- In this case, set 
d := p £ W. Then Vp{An) = Vp{Aii) + 1. Indeed, we only have to prove that 
Vp{An'j > since we get the implication by the formal group law formula 
as p is odd. Now since Vp{Am) > and n/mp is an odd integer, the same 
formula implies that Vp{Aii) = Vp{Am) + 'Vp(_2_) > 0, and we are done. 

To finish the proof of the proposition, the statement is true for C=k , since 
it is the A=K-sequence of the isogenous curve E' (as observed before). We 
note that (iii) for {-B*} is Lemma 13 in |32j . and a similar argument works 

for {a}. □ 

3.11 Remarks, (i) We don't know whether for R the full set of 
valuations is diophantine over Q. This would be quite a strong statement. 
For example, if we write a rational number x as x = xq ■ xl with for any 
V £ R such that v{xo) ^ 0, one has v{xo) odd and v{xi) = 0, then &ji{x~^, 1) 
expresses that xq is an integer. 

(ii) Using elliptic Zsigmondy and a proof similar to (but easier than) that 
of theorem 13.51 one can prove that m\n <^=^> Bm\Bn <^=^ rad(i?m)|^n- 
However, we don't know that the formula ^{x,y) : {iv){v{x) < 
v{y) < 0) is equivalent to a diophantine formula &'{x,y) in Q. If so, then 
^'{xm,Xn) would be a diophantine definition of m\n in Q. But then again, 
"^'(x, 1)" would be a diophantine definition of Z in Q. 

3.12 A diophantine predicate. We will now investigate in how far 
one can construct sets R for which is diophantine over Q. In j^SI; Phei- 
das has produced a diophantine definition over Q that says of two rational 
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numbers x and y that for any prime p = 3 mod 4, we have Vp{x) > Vp{y^) 
(and some extra conditions). This was consequently extended to all primes 
inert in a given quadratic extension of Q by Van Geel and Zahidi at Ober- 
wolfach (j34j^. but still involving extra conditions. Finally, Demeyer and 
Van Geel have proven the following (for an arbitrary extension of global 
fields, but we only state it for Q): 

3.13 Proposition. (11 ) For a non-square d, let denote the set 
of valuations of Q that are inert in Q(\/d). Then there is a (diophantine) 
Tif -formula equivalent to S!B.^{x,y), i.e., t{&R^) = 0. 

3.14 Remarks. The proof involves the theory of quadratic forms and 
is very close in spirit to the proof of Pheidas, which in its turn is an attempt 
to analyse Julia Robinson's definition M from the following perspective: M 
is essential a conjunction over all valuations f of a predicate that says that 
a rational number x is u-integral. The latter is expressed by the isotropy 
of a quaternary quadratic form that depends on x and v. Pheidas' analysis 
says that one can discard this conjunction over an infinite set of primes (but 
not all). It would be interesting to see whether is diophantine for other 
sets of primes R that are inert in not necessarily quadratic extensions of 
Q. Note that one can define v{x) > for all v not completely split in a 
cyclic extension of Q of degree q (with finitely many exceptions on w), but 
for X G Z[T~^] where T is the complement of finitely many primes, instead 
of X G Q (Shlapentokh [SOI, 4.4.6). 

3.15 Corollary. For any hnite set D of fundamental discriminants, set 

Rd := U Rd- 

Then &Rj^ is expressible by a T,f -formula. In particular, there are sets of 
primes R of arbitrary high Dirichlet density < 1 for which is diophantine. 

Proof. The first claim is automatic, since a finite disjunction of S^- 
formulse is equivalent to a S^-formula. For the second statement, choose all 
Q(\/d) for d G D linearly disjoint, then is the complement of the set of 
primes that split completely in the compositum L of all Cl{Vd) for d € D, 
and this complement has Dirichlet density 1/\L\ = l/2l^l (by Chebotarev's 
or weaker density theorems), which can be made arbitrary small ^ by 
increasing \D\. □ 

Based on this information, we change our conjecture to the following, 
the plausibility of which will be discussed in another section, and that will 
be used here as input for our main theorem. 
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3.16 Conjecture. The following exist: 

(a) an elliptic curve over Q, such that E has Weierstrass form -y^ = 
+ ax^ + bx (in particular, a rational 2-torsion point) with b squarefree; 

(b) a point P of infinite order on E with associated odd divisibility 
sequence {C^:}; 

(c) a finite set D of quadratic discriminants such that {C*} is (weakly) 
R D -odd-primitive. 

As before, we get: 

3.17 Theorem. Assume Conjecture \H.lfA Then (Z,+, |) has a dio- 
phantine model in Q. □ 

4. Defining multiplication in (Z,+, |) 

4.1 Lemma. There exists a T,^ -formula ^ in (Z, +, |, 7^) such that for 
integers m, n, k, we have k = m ■ n <^=^ ^(m, n, k). 

Proof. The first part of the proof is very similar to that of Lipshitz for 
N in [20]. To define multiplication by a Sjj'-formula, it suffices to define 
squaring by a Il^-formula, since x = mn 2x = {m + n)^ — — v? 

(translating this as (3ti, v,w,s)(x + x + u-\- v = w f\u = f\v = f\w = 
/\ s = m + n)). 

We first claim that y = x"^ ii and only if (\/t){(/)(x,y,t)), where (p is the 
formula 



(j) ■ x\y A x + l\y + X A X — l\y — X A 

((x\t A X + l\t + X A X — l\t — x) ^ (y + x\t + X A y — x\t — x)) 

Indeed, the first three divisibilities imply y = ux with u £ Z and |x + 1| < 
|n + 1| and jx — 1| < — 1|. Taking t = x'^, the divisibilities following 
the implication sign imply |x + 1| > \u + 1| and |x — 1| > |ti — 1|. Hence 
X + 1 = ib(n + 1) and x — 1 = ib(n — 1). If in either of the two equalities, 
the equality holds with a positive sign we get that u = x and hence y = x'^. 
The case x — 1 = —u + 1 and x + 1 = —u — 1 leads to a contradiction. The 
other direction is easy. 

Rewriting the formula as an atomic formula using the recipe from 
Lemma ll.21 we see that the replacement of the implication in by disjunc- 
tion introduces (non-positive) expressions of the form "a does not divide 5" . 
We will now show how to replace this by a positive existential statement in 
(Z,+,|,/). 
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Observe that g' is a greatest common divisor of a and 6 in Z (notation: 
(g) = (a, b)) if and only if 

(Umi) g\aAg\bA {3x,y){a\x A b\x A g = x + y). 

Indeed, the first two divisibihties imply an inclusion of ideals (a, 6) C ((7), 
and the existential statement implies that g G (a, 6). 

Now a doesn't divide b if and only if (a) 7^ (a; 6), and this can be rewritten 

as 

{3g,g'){{g) = {a,b) A g + g' = A a ^ g Aa ^ g'), 

which is a positive existential formula in (Z,+,|,7^), after substitution of 
gUl). □ 

4.2 Theorem. Assume Coniecture \3.8\ or \3. 1 61 Then Z Las a model D 
in Q witL complexity t{D) < 1, c{D) < 1; and tiie T,^-theory (= T^^-theory) 
of Q is undecidable. 

Proof. Picking an elliptic curve as in one of the conjectures, we find a 
three-dimensional diophantine model of (Z, +, |) in (Q, +, x) as in Theorem 
13.91 or 1^.171 Now observe that is also definable in the model by an atomic 
formula, and that n 7^ is also definable in the model by an existential 
formula, cf. Lemma 12.21 Hence each of the conjectures actually imply that 
(Z, +, 1 , 0, is definable in Q. 

Now X is defined by a S^^-formula in (Z, +,1,7^) with only one universal 
quantifier; in particular, t{i{x)) < 1 and c(t(x)) < 1 for the induced model 
L> of Z in Q. By null we conclude that t{D) < 1, c{D) < 1 and that the 
S^-theory of Q is undecidable. □ 

4.3 Remark. The trick of replacing non-divisibilities by existential 
sentences in the lemma (communicated to us by Pheidas) is crucial. The 
negation of a diophantine formula expressing divisibility (as it comes out 
of our conjecture) is a universal formula that leads to a model of the same 
complexity as Julia Robinson's. 

5. Conditional undecidability of the Il^-theory of Q 

Theorem 14.21 is our main result about the complexity of a model of Z 
in Q. Although the model given there is Sj^, we can slightly alter the 
method to (conditionally) prove the existence of undecidable formula in Q 
of complexity 11^. 

5.1 Lemma. The II2 -theory of (Z, -|-, |) is undecidable. 
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Proof. The proof is entirely analogous to that for N by Lipshitz in j2L)j . 
By Lemma |4.11 we know that squaring is definable in (Z,+,|) by a II2- 
formula. The proof of 14.11 actually shows that if one allows negated divisi- 
bilities, the defining formula can be taken to be a Hi-formula. It is easily 
seen that the S^-theory of the structure (Z, +, x — > x^) is undecidable (since 
multiplication is existentially definable). We obtain that the S2-theory of 
(Z, +,\) is undecidable. Since the negation of a S2-formula is a n2-formula, 
we obtain that the n2-theory of (Z,+, |) is undecidable. This means that 
sentences of the form: 

Vx3y(^(x,y) 

(with (j) quantifier free) are undecidable. However <j) may still contain negated 
divisibilities and inequations. These can be eliminated as in the proof of l4.1l 
at the expense of introducing extra existential quantifiers. Thus, any 1X2- 
sentence is equivalent to a H^-sentence and hence the H^-theory of (Z, +, |) 
is undecidable. □ 

We now need the following extension of Lemma ll.2fll 

5.2 Proposition. Let {D,l) be a diophantine model of (Z,+,|) in 
(Q,+, x), such that memhership of D is quantifier- free. In the following 
table, the second column lists the positive hierarchical status of the formula 
as a function of the status of 3^ : 







^tn in > 0) 

n+ 


^2n+l 

n+ 



(note: inclusion of a formula in a class of the hierarchy means that the 
formula is equivalent to a formula in that class). 

Proof. The proof is completely analogous to the proof ESOl D 

5.3 Theorem. Assume Coniecture \3.^ or \3.1b1 Then the II2 -theory 
of Q is undecidable. Furthermore the subset of sentences of 11^ with t- 
complexity 1 is already undecidable. 

Proof. Follows immediately from 13.91 13.171 15.11 and 15.21 □ 
6. Discussion of the conjecture 
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6.1 Different versions of the conjecture. Our conjecture is merely 
about the existence of one elliptic curve, but one can of course also inves- 
tigate whether the conjecture might be true for any elliptic curve E with a 
point of infinite order on it. The conjecture then becomes a kind of elliptic 
Zsigmondy conjecture with odd order and inertial conditions. It then seems 
natural to also look at the conjecture for {-B*} instead of {C^:}, although we 
don't know of a direct application to logic. We now first list these variants 
of the conjecture in a more precise way: 

6.2 (Odd-)inertial C-elliptic Zsigmondy's conjecture. For every 
elliptic curve E in Weierstrass form such that (0, 0) G E[2] and every rational 
point P of infinite order and sufficiently large height, the associated odd 
divisibility sequence {C=k} is (weakly) R£)-(odd-)primitive for some D. 

6.3 (Odd-)inertial elliptic Zsigmondy's conjecture. For every 
elliptic curve E in generalised Weierstrass form and every rational point P of 
infinite order and sufficiently large height, the associated elliptic divisibility 
sequence {-B*} is (weakly) R£)-(odd)-primitive for some D. 

It is hard to falsify these conjectures, because if one finds a multiple of 
a given point P for which the divisibility sequences under consideration has 
no primitive odd order divisor from a given Ru, one simply takes a multiple 
of P or enlarges the set of discriminants. But if the height of P becomes too 
large, one can no longer factor i?„ or C„ in reasonable time with existing 
algorithms, and if the height of P is too small, then Bn or Cn could be 
non- typical (e.g., prime) for small n (similar problems occur in 1121 ) . We 
will therefore refrain from presenting extensive numerical computation, but 
rather present some heuristics and remarks below, and a density version of 
the conjecture in the next section. 

6.4 Heuristic arguments. 

We start from the following observation: 

(|5.4I 1') (Landau-Serre [2Z| 2.8) Let M be a multiplicative set of positive 
non-zero integers (i.e., xy € M <^=^ x € M V y G M), and assume that 
the set of prime numbers in M is frobenian with density 5 > (i.e., every 
sufRciently large prime p belongs to M exactly if its Frobenius morphism 
belongs to a fixed subset H of the Galois group G of some fixed number 
field with H stable under conjugation by G and 5 = \H\/\G\). Then the 
probability that a given number x belongs to the complement of M admits 
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an asymptotic expansion 



N 

log{x)-'{Y^ a \og{x)-' + 0(log(x)-(^+i))) 

with Co > 0, for any positive integer N. 
We can now "prove" heuristically: 

(|n3l2) Let E he an eUiptic curve over Q. Then set A = E{Q)-E{Zl^]) 
of points whose denominators are only divisible by primes outside Rjj is 
heuristically finite if\D\ is large enough. 

Let M denote the set of integers having at least one factor from Rd. 
Then M is multiphcative, and a prime p belongs to M exactly if p is 
not completely split in the compositum L = Q,{y/di, ■ ■ ■ y/dN), where D = 
{di, . . . , dAf}. This is the same as saying that the Frobenius element of p 
belongs to H = Gal(L/Q) — {1}. Note that H is stable under conjugation, 
and that 6 := \G\/\H\ = 1 - 1/2^ > 0. 

We approximate the probability that a number is outside M by the 
first order term in (|6.4I 1) — in the considerations below, any finite order 
truncation actually gives the same result. We consider the set 

A, = {PG E{Q) - E{Z[^]) : h{P) < x}. 

We find for large x, 

h{P)<x 

We now pick a basis {Pj}[^^ for the free part of -E'(Q) and write any P £ 
E{Q) as ^XiPi + T with Aj G Z and T e ^(Q)tor- Then h{P) ^ plp-logc 
for some constant c, an the above sum becomes 

XSZr-{0} 
|lA||2<i 

We group terms with ||A|| = m for a fixed integer m: 
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We let X — > oo, and find that A is finite if tliis sum converges, whicli happens 
exactly for 26—r+l > 1, i.e., 6 > r/2. This can be attained for N sufficiently 
large. □ 

With r = 1, this implies that Bn doesn't have a divisor in only for 
finitely many n as soon as \D\ > 2. Applying it to the isogenous curve E' , 
it implies the same for {A*} and hence {G,,}. 

Actually, the primitive part of i?„ is of size at least h{Pf -^-'' (cf. Sil- 
verman \SZ\ . Lemma 9 for an estimate h{P)" and for a proof with a 
factor 0.6, using elliptic transcendence theory). We can apply the same argu- 
ment to the primitive part of Bn- Furthermore, taking the ^i?C-conjecture 
for granted, if E has j-invariant or 1728, then we even know that the 
squarefree primitive part of Bn is of the same order (Lemma 13 in loc. cit.), 
and this gives a heuristical proof of i?£)-odd-primitivity for \D\ > 2 on such 
curves. 

(|6.4I 3') One might note the following about the error term in (|6.4H l: 
Shanks analysed 1)6.41 11 in case M is the complement of the set of sums 
of two squares (cf. Ramanujan's first letter to Hardy) and noted that the 
first two terms give an accuracy of only 0.005 at x = 10^. 

(16.41 4) Note further that for E having a rational 2-torsion point, Bn can 
be prime only finitely often, as follows from p3] (since it arises as image 
sequence under an isogeny). It is actually conjectured (see loc. cit.) that Bn 
can only be prime for n < K and some constant K independent of E and 
P; this is related to the elliptic Lehmer problem. It is reasonable to expect 
that Bn has m distinct odd order primitive prime factors as soon as n > if 
for some constant K only depending on P and E and m (and maybe even 
only m). Granting that the (many) prime factors of Bn are equidistributed 
over residue classes, the probability that at least one of the them is inert in 
a given is very high. 

6.5 Further remarks, (i) One can wonder whether the property of 
being i?/)-primitive is very sensitive to the choice of D, so ask whether it 
is true that for every elliptic curve E (respectively, such that (0,0) G E[2]) 
and every non-empty set D of discriminants, for every rational point P of 
infinite order and sufficiently large height, Bn (respectively Cn) satisfies the 
Ro-primitivity condition. There is some evidence that the i2£)-primitive 
part doesn't behave the same for all D. For example, if E has complex 
multiplication by some d £ D, there appear to be "more" split primes. This 
is explained by a Zsigmondy's theorem for an interpolation of the usual 
elliptic divisibility sequence by a sequence indexed by all endomorphisms of 
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the curve, see Streng I^Sl- Another example is Rubin's proof in 12.141 

(ii) It is interesting to observe that the multiphcative group (disguised 
as the Fibonacci sequence) played an essential role in the original proof of 
HTP(Z). However, the analogue of our conjectures for linear recurrent se- 
quences or the multiplicative group, i.e., an "inertial classical Zsigmondy's 
theorem", is almost certainly false. Let us reason heuristically for the se- 
quence {a" — l}n>i for fixed a. The probability that a" — 1 is divisible only 
by primes outside" i^^ is [log(a" - l)]"^ with 6=1- l/2l^l (cf. (^311)), so 
the number of n < x for which this holds is approximately 

5^1og[(a"-l)]-^« Y,n~' 

n<x n<.x 

which diverges if x — > oo for all 6. Also, a general term of such a sequence 
(if a is not composite) can be prime infinitely often. This is why we really 
need elliptic curves. 

(iii) It is easy to formulate an analogue of the above conjecture for elliptic 
curves over global function fields. Especially in the case of an isotrivial curve 
(e.g., the "Manin-Denef curve" f{t)y^ = f{x)), some information can be 
found in the literature, cf. ^5] . 

Another function field analogue of 16. 31 is the following: let (phe a rank-2 
Fq[r]-Drinfeld module over Fg{T) (see, e.g. ^^). If x G Fg[T] is a polyno- 
mial of sufficiently large degree with 4>a{x) ^ for all a £ Fq[T], then for all 
polynomials n, (lynix) is divisible by an irreducible polynomial p coprime to 
(j)m{x) for all m of degree deg(m) < deg(n), such that p is inert in at least 
one of F{T){Vd) for d in a finite set of polynomials. A Drinfeld module 
analogue of Zsigmondy's theorem was proven by Hsia f |16j'l. 

(iv) The weaker statement that every Cn/Ci has an odd order divisor 
from but not necessarily primitive, is equivalent to the fact that each of 
the "fibrations in conies over i?" 

C/Ci = f{X, y) A = + aA'^B^ + bB^ 

has only finitely many rational (P^-)fibres over E, where / runs over the 
classes of binary quadratic forms of the correct discriminant. For example, 
since Q(\/5) has class number one, related to example l2.14l is the diophantine 
equation 

{A^ + B'^){A'^ + UB"^) = 3^ • 5^ • {X^ - 5y^)^ 

a smooth projective K3-surface whose rational points should be found. One 
is reminded of the trouble deciding whether or not Martin Davis's equa- 
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tion has finitely many solutions (cf. Shanks and Wagstaff again using 
Landau-Serre type estimates). 

(v) In conjecture 16.31 one can move the point P to (0, 0) by a rational 
change of coordinates. Then the conjecture becomes purely a statement 
about the division points on E, as we then have 

Bl = ±n' H x{Q). 

Q<^E[n\ 

(vi) If E has complex multiplication, then one has a divisibility sequence 
{Ba} associated to any a G End(£') (cf. [S]). A similar theory with similar 
conjectures can be worked out. For the analogue of Zsigmondy's theorem, 
see PH] . 

7. A density version of the conjecture. 

7.1 Periodicity technique. There is a principle of periodicity of 
elliptic divisibility sequences that can be used to prove density versions of the 
conjectures. Here is an example for Coniecture l6.31 the point P = (—2,4) is 
non-singular modulo all primes and of infinite order on the curve E : = 

+ + 2x. The sequence {B^} for P starts as (1, 2^, 3 • 11, 2^ • 5^, . . .) up 
to signs. 

7.2 Definition. The rank of apparition pp = pp{X^) of a prime p in a 
sequence {X^} is the smallest n for which p\Xn- 

7.3 Periodicity (Morgan Ward jSS], section III). Assume that the sign 
of Bn is chosen so that Bn = V'n(-P) for the classical division polynomial ipn- 
Assume p > 3 has rank of apparition pp > 3 in {.B*}. Then that sequence 
is periodic with period iTp given by 

T^p — Pp ' "2 ^ ' 'Tpi 

where Tp is the least common multiple of the (multiplicative) orders e and 
K of Bp^_i and Bp^_2/B2 modulo p, respectively; and where Up = 1 if both 
e and k are odd, Op = — 1 if both e and k are divisible by the same power of 
2, and Op = otherwise. 

We now look at the behaviour of the Jacobi symbol of B^ modulo a given 
prime p. To avoid sign problems, we choose p = 1 mod 4. For example, our 
sequence is periodic modulo 5 with period 8. Hence the sequence of Jacobi 
symbols (;J-) = {^) (by quadratic reciprocity) is periodic with the same 
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period, and its repeats 

(1,1,-1,0,-1,1,1,0) mod 5. 

This implies that (-J-) = —1 whenever n = ±3 mod 8, so all Bg for s a 
prime congruent to ±3 mod 8 have a primitive odd order divisor in R^. 

In this case, one can do a little better. Assume n = s*^ is a power of a 
prime s = ±3 mod 8. Then for e even, = 1 mod 8 and s^~^ = ±3 mod 
8, whereas for e odd, we have = ±3 mod 8 and s'^~^ = 1 mod 8. Prom 
periodicity, we see that in any case the Jacobi symbol of Bs<! /B^e-i is — 1, 
so the number is divisible by an odd order divisor in R^. We conclude: 

7.4 Proposition. If {-B*} is the elliptic divisibility sequence associated 
to (2, —4) on = + 7x^ + 2x, then any Bge for s a prime number 
= ±3 mod 8 has a primitive odd order divisor from R^ . In particular, the 
set {s prime : Bg has a primitive odd order divisor from R^} has Dirichlet 
density at least 2/99(8) = 1/2. □ 

One can go on and create a race between inertial conditions in different 
Q(y^) and the period of {-B*} modulo p. We do this for the first few p = 1 
mod 5 and the above curve and point (leaving out the easy computations). 
For p = 13, the sequence has period 36 and for s = ±5, 7, 11, 13 mod 36, 
(j^) = —1. For p = 17, all Kronecker symbols are positive. For p = 29, the 
period is 38, and s = ±9, 11, 15 mod 38 give a negative Kronecker symbol. 
For p = 37, no new residue classes occur. For p = 41, the period is 42, and 
s = ±13, 17 mod 42 have negative Kronecker symbol. For 53, the period is 
66 and s = ±5, 7, 25, 29 mod 66 have negative Kronecker symbol. An easy 
density computation gives: 

7.5 Proposition. Let {-B*} denote the elliptic divisibility sequence 
associated to (2, -4) on y"^ = x^ + 7x^ + 2x, and let D = {5, 13, 29, 41, 53}. 
Then the set 

{s prime : Bg has a primitive odd order divisor from R^} 

has Dirichlet density at least 43/45 > 95.5%. □ 

7.6 Remark. It is an interesting question whether, given any elliptic 
divisibility sequence B^, and £ > 0, one can choose a set D such that 

{s prime : Bg has a primitive odd order divisor from R^} 

has density at least 1 — e. 
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